Hi Edward, Thanks for that - appreciated. I think thats enough to get me started on it - if not Ill drop you a line.
Turning auditing on is simply activating the GP at Computer Conf/ Windows Settings/ Security/ Local Polies/ audit policy/ audit object access, and then applying at the domain level? And then setting the audit as described below at the folder level and allowing it to drill down? Gavin. On Thu, Jul 31, 2008 at 9:34 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote: > If you have auditing turned on for the server ( it's a standard default > here) then you setup the auditing for the folders, and files for the > Group/groups that have access to the folders, for the following. > > > > Failure ( All) (Everyone) ( Means there is a problem with permissions or > someone that should have access is doing something and failing) > > Success: (Groups that have access) (Delete Subfolders and Files, Delete > Files) this way you skinny down what is being auditied, then as a test user > in those groups move a test folder and verify that the auditing catches the > move and makes a audit entry for success, then you can just parse out that > event id accordingly and see if anyone that should have access to the > directory is making the moves. > > > > If you need some help with this on the structure or what to look for, talk > with me offline. > > > > Z > > > > Edward E. Ziots > > Network Engineer > > Lifespan Organization > > MCSE,MCSA,MCP,Security+,Network+,CCA > > Phone: 401-639-3505 > ------------------------------ > > *From:* Gavin Wilby [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, July 31, 2008 4:08 PM > *To:* NT System Admin Issues > *Subject:* Re: Folders moveing themselves > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
